Rootkit-Based Adware Wreaks Havoc Among Windows 10 Users in the US


Userlevel 7
Badge +54
18th June, 2018 By Catalin Cimpanu
When it was released back in 2015, one of the main perks of Windows 10 was the improved security features that made it harder for rootkits to get a foothold on Microsoft's new OS.
 
But three years later, security researchers from Romania-based antivirus vendor Bitdefender say they've discovered a new adware strain named Zacinlo that uses a rootkit component to gain persistence across OS reinstalls, a rootkit component that's even effective against Windows 10 installations.
 
In fact, researchers say that 90% of all Zacinlo's recent victims are Windows 10 users, showing that crooks intentionally designed their "product" to work against Microsoft's latest OS.
 
Full Article.

10 replies

Userlevel 7
Badge +63
Here is what Webroot has to say about this Malware!
 

SmartService Hashes:

SHA256: 1d4236b3c446c1ab86c577615cc52d4edc99bf5b4077cd93e6cd37b90d6991a0 


 
And VirusTotal: https://www.virustotal.com/#/file/1d4236b3c446c1ab86c577615cc52d4edc99bf5b4077cd93e6cd37b90d6991a0/detection
 
 
Userlevel 7
Badge +54
Thank you Daniel that is good to know.
Userlevel 7
Badge +63
By Staff Writer, Jun 20 2018, 8:46AM
Malware takes screenshots of users' desktops, and has been operating silently for six years.

Researchers have uncovered a sophisticated rootkit-based adware, mainly prevalent on Windows 10 devices, that has been operating covertly for six years.
Dubbed Zacinlo, this rare strain of malware typically operates by silently rendering webpages in the background in hidden windows to simulate clicks and keyboard interactions, or can replace ads naturally loaded in an open web browser with its own ads to collect revenue.
The malware, subject to an extensive investigation by security company Bitdefender, is armed with a sophisticated array of features to ensure it remains undetected, and even quashes any 'competition', featuring an adware cleanup routine to remove any potential rivals in the adware space.
It can also uninstall or delete services based on instructions it receives from the command and control infrastructure, to which it routinely sends information about its environment, including what form of anti-malware services may be installed, and which applications are running on startup.
One of its most concerning features involves a significant invasion of privacy, with Zacinlo able to take screen captures of a user's desktop and send them to its command and control centre for analysis.
 
https://www.pcauthority.com.au/news/zacinlo-malware-threatens-windows-10-pcs-security-494826
Userlevel 3
Does Webroot have any protection/clean up for this rootkit?
Userlevel 7
Badge +54
@ wrote:
Does Webroot have any protection/clean up for this rootkit?
Hi @
I have merged this topic with a slightly earlier one, and Daniel has posted a comment which may interest you on that subject; just scroll up a little bit.
Userlevel 7
Badge +63
Thanks @ for merging. I guess I didn't go back far enough to see this thread.
 
Cheers,
Userlevel 3
Thanks for the info! So does that mean Webroot would pick it up with a full scan or do I have to do something special to detect it?
 
Thanks,
Beckey.
Userlevel 7
Badge +63
@ wrote:
Thanks for the info! So does that mean Webroot would pick it up with a full scan or do I have to do something special to detect it?
 
Thanks,
Beckey.
You don't need to do anything, as WSA's Realtime Shield would detect it if you have it on your system, so you're protected! ;)
 
HTH,
Userlevel 3
@ Thank you! That's a weight off my mind 🙂
Userlevel 7
Badge +63
@ wrote:
@ Thank you! That's a weight off my mind :)
You're very welcome, and please, if you have any further questions, just ask, as we like to keep users' minds at ease! ;)
 
Have a great day!